FBI Claims It Has No Record Of Why It Deleted Its Recommendation To Encrypt Phones

from the maybe-it-was-encrypted dept

A couple of years ago, I wrote about how -- just as the FBI was whining about encryption and "going dark" -- it was, at the same time, urging people to encrypt their mobile phones to protect against crime:

Then, last year, I noticed that the page had been deleted. Seemed curious, so I sent in a Freedom of Information Act (FOIA) to the FBI to better understand why that page had magically been deleted, just at the time it seemed to contradict the FBI Director's statements about encryption.

It, of course, took much longer than the legally mandated 20-day response time, but the FBI has finally "responded" to tell me that it can't find anything. So sorry, too bad.

If you can't read that, it says:

Based on the information you provided, we conducted a search of the locations or entities where records responsive to your request would reasonably be found. We were unable to locate records responsive to your request. If you have additional information that may assist in locating records concerning the subject of your request, please provide us the details and we will conduct an additional search.

It is, of course, entirely possible that my request was not clear enough -- though I specifically pointed them to where the URL used to be and what was on it. So I'm not entirely sure what other information to provide in response. And that's part of the problem with the FOIA process. It's something of a guessing game, where if you don't guess exactly the proper way to phrase what you want, they'll just come back with a no responsive documents response. Of course, perhaps they just encrypted the information on an iPhone and they won't be able to get it for me unless they win their fight against Apple... right?

Reader Comments

Much more likely...

FBI Agent 1: "I just realized something. Given we are currently trying to demonize and undermine encryption, spinning it as something that only criminals use, having a page up telling people how encryption should be employed as it makes them safer from criminals kinda makes us look like gigantic hypocrites."

FBI Agent 2: "Good point. Yeah, I'll go and have a chat with the techies, have that page removed."

FBI 1: "Do we need to notify anyone? Fill out any forms or anything? We are talking about changing the site by removing something after all."

FBI 2: "Nah, no need to write this up, it's a minor change, should have been done before now anyway."

FBI 1: "True enough. Also means if someone tries to ask us why the page is no longer there we can play the standard 'How long can we force them to wait?' game before telling them there's no documents with regards to their requests."

The real problem with he FOI process is that people have to request records that should be made public by default. Such records should be available so that the public can scrutinize what public servants are doing on their behalf.

Re:

It could be worse

They could have revised it to this (borrowed from the copyright warning screens) statement:

"Depending on the type of phone, the operating system may have encryption available. Criminal encryption use including encryption use without monetary gain, is investigated by the FBI and is punishable by up to 5 years in federal prison and a fine of $250,000."

What I find interesting is how you try to paint the FBI as a single, monolithic thing. Rather than being a collection of people, offices, and operating groups, you portray it as a single unified entity where everything it does is immediately known and understood at every other levels by every other people at every time.

It's sort of like an organizational strawman: Find the contradictory document from X years ago, and prove that the single entity FBI (or CIA, or other organization) is some how full of sh-t.

This whole story is a great example: The "FBI says encrypt" document that you point to part of tips to avoid being a victim of malware or ransomware. It does give the tip to encrypt personal data, and seems to be more aimed at individual data and not the full phone.

Oh. and it's from four years ago, before many had considered the implications of encryption and the criminal element. It's certainly before any of this headed to court on any meaningful level.

So if you expanded coverage is mostly going to be "caught you!" stories, well... I guess the sheep got sheared!

Re:

Re:

So you are saying we should be lenient with a group that has proven they have no intention of holding those members of their organization accountable for when they screw up in these sorts of cases?

So they can ruin your life if they want to, we should give them the benefit of the doubt because there are rogue elements in their organization they refuse to hold accountable. But it's ok because they can't be expected to know what everyone is doing.